Publications (10 of 134)
Lagerström, R., Johnson, P. & Ekstedt, M. (2017). Automatic Design of Secure Enterprise Architecture. In: Halle, S Dijkman, R Lapalme, J (Ed.), PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017). Paper presented at 21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA (pp. 65-70). Institute of Electrical and Electronics Engineers (IEEE)
2017 (English). In: PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017) / [ed] Halle, S Dijkman, R Lapalme, J, Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 65-70. Conference paper, Published paper (Refereed)
Abstract [en]

Architecture models mainly have three functions; 1) document, 2) analyze, and 3) improve the system under consideration. All three functions have suffered from being time-consuming and expensive, mainly due to being manual processes in need of hard to find expertise. Recent work has however automated both the data collection and the analysis. In order for enterprise architecture modeling to finally become free of manual labor the design function also needs to be automated. In this position paper we propose the Automatic Designer. A solution that employs machine learning techniques to realize the design of (near) optimal architecture solutions. This particular implementation is focused on security analysis, but could easily be extended to other topics.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2017
Series
IEEE International Enterprise Distributed Object Computing Conference Workshops-EDOCW, ISSN 2325-6583
National Category
Other Computer and Information Science
Identifiers
urn:nbn:se:kth:diva-220665 (URN); 10.1109/EDOCW.2017.19 (DOI); 000417417800011 (); 2-s2.0-85043595735 (Scopus ID); 978-1-5386-1568-3 (ISBN)
Conference
21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA
Note

QC 20171229

Available from: 2017-12-29 Created: 2017-12-29 Last updated: 2018-03-27. Bibliographically approved
Vernotte, A., Johnson, P., Ekstedt, M. & Lagerström, R. (2017). In-Depth Modeling of the UNIX Operating System for Architectural Cyber Security Analysis. In: Halle, S Dijkman, R Lapalme, J (Ed.), PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017). Paper presented at 21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA (pp. 127-136). Institute of Electrical and Electronics Engineers (IEEE)
2017 (English). In: PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017) / [ed] Halle, S Dijkman, R Lapalme, J, Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 127-136. Conference paper, Published paper (Refereed)
Abstract [en]

ICT systems have become an integral part of business and life. At the same time, these systems have become extremely complex. In such systems exist numerous vulnerabilities waiting to be exploited by potential threat actors. pwnPr3d is a novel modelling approach that performs automated architectural analysis with the objective of measuring the cyber security of the modeled architecture. Its integrated modelling language allows users to model software and hardware components with great level of details. To illustrate this capability, we present in this paper the metamodel of UNIX, operating systems being the core of every software and every IT system. After describing the main UNIX constituents and how they have been modelled, we illustrate how the modelled OS integrates within pwnPr3d's rationale by modelling the spreading of a self-replicating malware inspired by WannaCry.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2017
Series
IEEE International Enterprise Distributed Object Computing Conference Workshops-EDOCW, ISSN 2325-6583
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-220666 (URN); 10.1109/EDOCW.2017.26 (DOI); 000417417800020 (); 2-s2.0-85043606711 (Scopus ID); 978-1-5386-1568-3 (ISBN)
Conference
21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA
Funder
EU, FP7, Seventh Framework Programme, 607109; Swedish Civil Contingencies Agency
Note

QC 20180108

Available from: 2018-01-08 Created: 2018-01-08 Last updated: 2018-02-20. Bibliographically approved
Johnson, P., Lagerström, R., Ekstedt, M. & Franke, U. (2016). Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis. IEEE Transactions on Dependable and Secure Computing
2016 (English). In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018. Article in journal (Refereed) Published
Abstract [en]

The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

Place, publisher, year, edition, pages
IEEE Press, 2016
Keywords
cyber security, software vulnerability, CVSS, information security
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-200695 (URN); 10.1109/TDSC.2016.2644614 (DOI)
Note

QC 20170202

Available from: 2017-02-01 Created: 2017-02-01 Last updated: 2018-01-15. Bibliographically approved
Johnson, P., Vernotte, A., Ekstedt, M. & Lagerström, R. (2016). pwnPr3d: an Attack Graph Driven Probabilistic Threat Modeling Approach. In: Availability, Reliability and Security (ARES), 2016 11th International Conference on. Paper presented at International Conference on Availability, Reliability and Security (ARES). IEEE conference proceedings
2016 (English). In: Availability, Reliability and Security (ARES), 2016 11th International Conference on, IEEE conference proceedings, 2016. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we introduce pwnPr3d, a probabilistic threat modeling approach for automatic attack graph generation based on network modeling. The aim is to provide stakeholders in organizations with a holistic approach that both provides high-level overview and technical details. Unlike many other threat modeling and attack graph approaches that rely heavily on manual work and security expertise, our language comes with built-in security analysis capabilities. pwnPr3d generates probability distributions over the time to compromise assets.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2016
Keywords
Threat Modeling; Network Security; Attack Graphs
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-200698 (URN); 10.1109/ARES.2016.77 (DOI); 000391214400034 (); 2-s2.0-85015304142 (Scopus ID)
Conference
International Conference on Availability, Reliability and Security (ARES)
Note

QC 20170202

Available from: 2017-02-01 Created: 2017-02-01 Last updated: 2017-05-19. Bibliographically approved
Johnson, P., Vernotte, A., Gorton, D., Ekstedt, M. & Lagerström, R. (2016). Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs. In: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers. Paper presented at 4th International Workshop on Risk Assessment and Risk Driven Quality Assurance, RISK 2016 held in conjunction with 28th International Conference on Testing Software and Systems, ICTSS 2016, Graz, Austria, 18 October 2016 through 18 October 2016 (pp. 37-52). Springer, 10224
2016 (English). In: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers, Springer, 2016, Vol. 10224, p. 37-52. Conference paper, Published paper (Refereed)
Abstract [en]

This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regards to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that both allows high-level overview and technical details.

Place, publisher, year, edition, pages
Springer, 2016
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 0302-9743 ; 10224
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-200700 (URN); 10.1007/978-3-319-57858-3_4 (DOI); 000426090100004 (); 2-s2.0-85018370233 (Scopus ID); 9783319578576 (ISBN)
Conference
4th International Workshop on Risk Assessment and Risk Driven Quality Assurance, RISK 2016 held in conjunction with 28th International Conference on Testing Software and Systems, ICTSS 2016, Graz, Austria, 18 October 2016 through 18 October 2016
Funder
Swedish Civil Contingencies Agency; EU, FP7, Seventh Framework Programme, 607109
Note

QC 20171030

Available from: 2017-02-01 Created: 2017-02-01 Last updated: 2018-03-09. Bibliographically approved
Johnson, P. & Ekstedt, M. (2016). The Tarpit - A general theory of software engineering. Information and Software Technology, 70, 181-203
2016 (English). In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 70, p. 181-203. Article in journal (Refereed) Published
Abstract [en]

Context: Recent years have seen an increasing interest in general theories of software engineering. As in other academic fields, these theories aim to explain and predict the key phenomena of the discipline. Objective: The present article proposes a general theory of software engineering that we have labeled the Tarpit theory, in reference to the 1982 epigram by Alan Perlis. Method: An integrative theory development approach was employed to develop the Tarpit theory from four underlying theoretical fields: (i) languages and automata, (ii) cognitive architecture, (iii) problem solving, and (iv) organization structure. Its applicability was explored in three test cases. Results: The theory demonstrates an explanatory and predictive potential for a diverse set of software engineering phenomena. It demonstrates a capability of explaining Brooks's law, of making predictions about domain-specific languages, and of evaluating the pros and cons of the practice of continuous integration. Conclusion: The presented theory appears capable of explaining and predicting a wide range of software engineering phenomena. Further refinement and application of the theory remains as future work.

Place, publisher, year, edition, pages
Elsevier, 2016
Keywords
Software engineering, Theory, Languages and automata, Cognitive architecture, Problem solving, Organization structure
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-181342 (URN); 10.1016/j.infsof.2015.06.001 (DOI); 000367697600014 (); 2-s2.0-84949534567 (Scopus ID)
Note

QC 20160205

Available from: 2016-02-05 Created: 2016-02-01 Last updated: 2018-01-10. Bibliographically approved
Narman, P., Johnson, P. & Gingnell, L. (2016). Using enterprise architecture to analyse how organisational structure impact motivation and learning. Enterprise Information Systems, 10(5), 523-562
2016 (English). In: Enterprise Information Systems, ISSN 1751-7575, E-ISSN 1751-7583, Vol. 10, no 5, p. 523-562. Article in journal (Refereed) Published
Abstract [en]

When technology, environment, or strategies change, organisations need to adjust their structures accordingly. These structural changes do not always enhance the organisational performance as intended partly because organisational developers do not understand the consequences of structural changes in performance. This article presents a model-based analysis framework for quantitative analysis of the effect of organisational structure on organisation performance in terms of employee motivation and learning. The model is based on Mintzberg's work on organisational structure. The quantitative analysis is formalised using the Object Constraint Language (OCL) and the Unified Modelling Language (UML) and implemented in an enterprise architecture tool.

Place, publisher, year, edition, pages
Taylor & Francis, 2016
Keywords
contingency theory, organisational structure, enterprise modelling, architecture analysis, enterprise architecture
National Category
Information Systems Computer Sciences
Identifiers
urn:nbn:se:kth:diva-185049 (URN); 10.1080/17517575.2014.986211 (DOI); 000372040400003 (); 2-s2.0-84919933262 (Scopus ID)
Note

QC 20160415

Available from: 2016-04-15 Created: 2016-04-11 Last updated: 2018-01-10. Bibliographically approved
Ekstedt, M., Johnson, P. & Lagerström, R. (2015). Enterprise Architecture Modeling and Analysis of Quality Attributes: The Multi-Attribute Prediction Language (MAPL). In: Jakob Axelsson (Ed.), Proceedings of the 1st Scandinavian Workshop on the Engineering of Systems-of-Systems (SWESoS 2015). Paper presented at The 1st Scandinavian Workshop on the Engineering of Systems-of-Systems (SWESoS) (pp. 10-12). SICS
2015 (English). In: Proceedings of the 1st Scandinavian Workshop on the Engineering of Systems-of-Systems (SWESoS 2015) / [ed] Jakob Axelsson, SICS, 2015, p. 10-12. Conference paper, Oral presentation with published abstract (Other academic)
Place, publisher, year, edition, pages
SICS, 2015
Series
SICS Technical Report ; T2015:04
National Category
Information Systems
Identifiers
urn:nbn:se:kth:diva-168957 (URN)
Conference
The 1st Scandinavian Workshop on the Engineering of Systems-of-Systems (SWESoS)
Funder
ÅForsk (Ångpanneföreningen's Foundation for Research and Development)
Note

QC 20150618

Available from: 2015-06-09 Created: 2015-06-09 Last updated: 2018-01-11. Bibliographically approved
Johnson, P. & Ekstedt, M. (2015). Exploring theory of cognition for general theory of software engineering: Predicting the effort of programming language comprehension. In: Proceedings - 4th SEMAT Workshop on General Theory of Software Engineering, GTSE 2015. Paper presented at 4th SEMAT Workshop on General Theory of Software Engineering, GTSE 2015; Florence; Italy (pp. 15-24). IEEE
2015 (English). In: Proceedings - 4th SEMAT Workshop on General Theory of Software Engineering, GTSE 2015, IEEE, 2015, p. 15-24. Conference paper, Published paper (Refereed)
Abstract [en]

In recent years, there has been significant interest in general theories of software engineering. In this article, we explore the utility of a theory of cognition, ACT-R, as a component of such a general theory. The ACT-R theory was instantiated to predict the effort of programming language comprehension for two cases: (i) a C program, and (ii) the corresponding Assembly program. An experiment was then conducted to generate empirical data on the two comprehension tasks. The theoretical predictions were compared to the empirical results. The theoretical model predicted that the effort of understanding the considered program in C is 37% of the effort of understanding a comparable program written in Assembly. The experiment generated 33% as the corresponding percentage number. The concordance between theoretical model and experimental data was surprisingly high, encouraging further investigations into the utility of cognitive theories in software engineering.

Place, publisher, year, edition, pages
IEEE, 2015
Keywords
Ada (programming language), C (programming language), Computational linguistics, Computer programming languages, Software engineering, ACT-R, Cognitive theory, Comprehension tasks, General theory, Language comprehensions, Program comprehension, Theoretical modeling, Theory of cognitions, Programming theory
National Category
Software Engineering
Identifiers
urn:nbn:se:kth:diva-187143 (URN); 10.1109/GTSE.2015.9 (DOI); 000380612700003 (); 2-s2.0-84954242444 (Scopus ID)
Conference
4th SEMAT Workshop on General Theory of Software Engineering, GTSE 2015; Florence; Italy
Note

QC 20160517

Available from: 2016-05-17 Created: 2016-05-17 Last updated: 2018-01-10. Bibliographically approved
Välja, M., Korman, M., Shahzad, K. & Johnson, P. (2015). Integrated metamodel for security analysis. In: 2015 48TH HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS). Paper presented at 48th Annual Hawaii International Conference on System Sciences (HICSS), JAN 05-08, 2015, Kauai, HI (pp. 5192-5200). IEEE Computer Society
2015 (English). In: 2015 48TH HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS), IEEE Computer Society, 2015, p. 5192-5200. Conference paper, Published paper (Refereed)
Abstract [en]

This paper proposes a metamodel for analyzing security aspects of enterprise architecture by combining analysis of cybersecurity with analysis of interoperability and availability. The metamodel extends an existing attack graph based metamodel for cybersecurity modeling and evaluation, P²CySeMoL, and incorporates several new elements and evaluation rules. The approach improves security analysis by combining two ways of evaluating reachability: one which considers ordinary user activity and another, which considers technically advanced techniques for penetration and attack. It is thus permitting to evaluate security in interoperability terms by revealing attack possibilities of legitimate users. Combined with data import from various sources, like an enterprise architecture data repository, the instantiations of the proposed metamodel allow for a more holistic overview of the threats to the architecture than the previous version. Additional granularity is added to the analysis with the reachability need concept and by enabling the consideration of unavailable and unreliable systems.

Place, publisher, year, edition, pages
IEEE Computer Society, 2015
Series
Proceedings of the Annual Hawaii International Conference on System Sciences, ISSN 1060-3425
National Category
Computer Sciences
Identifiers
urn:nbn:se:kth:diva-181009 (URN); 10.1109/HICSS.2015.613 (DOI); 000366264105039 (); 2-s2.0-84944219720 (Scopus ID); 978-1-4799-7367-5 (ISBN)
Conference
48th Annual Hawaii International Conference on System Sciences (HICSS), JAN 05-08, 2015, Kauai, HI
Note

QC 20160126

Available from: 2016-01-26 Created: 2016-01-26 Last updated: 2018-01-10. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-3293-1681